diff --git a/hosts/i001/hardware-mounts.nix b/hosts/i001/hardware-mounts.nix
index 93f5bdeb..25aacd25 100644
--- a/hosts/i001/hardware-mounts.nix
+++ b/hosts/i001/hardware-mounts.nix
@@ -11,6 +11,8 @@ let
 USB_KEY = "/dev/disk/by-uuid/9985-EBD1";
 inherit (utils) escapeSystemdPath;
+
+ primaryDeviceUnit = "${escapeSystemdPath PRIMARY}.device";
 in
 {
 # BOOT
@@ -109,30 +111,26 @@ in
 wantedBy = [ "initrd.target" ];
 before = [ "sysroot.mount" ];
- # Wait for udev so the /dev/disk/by-uuid path and the USB key appear
- requires = [ "systemd-udev-settle.service" ];
- after = [ "systemd-udev-settle.service" ];
+ requires = [ primaryDeviceUnit ];
+ after = [ primaryDeviceUnit ];
- serviceConfig = {
- Type = "oneshot";
- # NOTE: put the real password here, or better: read it from USB_KEY
- # ExecStart = ''
- # /bin/sh -c 'echo "password" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY}'
- # '';
- # ExecStart = ''
- # /bin/sh -c 'mount -o ro ${USB_KEY} /key && \
- # cat /key/bcachefs.key | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY}'
- # '';
+ # NOTE: put the real password here, or better: read it from USB_KEY
+ # ExecStart = ''
+ # /bin/sh -c 'echo "password" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY}'
+ # '';
+ # ExecStart = ''
+ # /bin/sh -c 'mount -o ro ${USB_KEY} /key && \
+ # cat /key/bcachefs.key | ${pkgs.bcachefs-tools}/bin/bcachefs unlock ${PRIMARY}'
+ # '';
+
+ # We inline a script that roughly mimics tryUnlock + openCommand behavior,
+ # but uses a key file from the USB stick instead of systemd-ask-password.
+ script = ''
+ echo "Using test password..."
+ echo "test" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock "${PRIMARY}"
+ echo "bcachefs unlock successful for ${PRIMARY}"
+ '';
- # We inline a script that roughly mimics tryUnlock + openCommand behavior,
- # but uses a key file from the USB stick instead of systemd-ask-password.
- ExecStart = ''
- /bin/sh -eu
- echo "Using test password..."
- echo "test" | ${pkgs.bcachefs-tools}/bin/bcachefs unlock "${PRIMARY}"
- echo "bcachefs unlock successful for ''${DEVICE}"
- '';
- };
 };
 };
diff --git a/utilities/nixos-installers/install_bcachefs.md b/utilities/nixos-installers/install_bcachefs.md
new file mode 100644
index 00000000..1ad81c7a
--- /dev/null
+++ b/utilities/nixos-installers/install_bcachefs.md
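Review bot: The new `script` in hosts/i001/hardware-mounts.nix pipes a literal passphrase into the unlock (`echo "test" | … bcachefs unlock "${PRIMARY}"`), so the secret lives in the repository and in the generated unit script, which presumably ends up in the Nix store and the initrd, outside the encrypted volume. The comment directly above it says the key comes from the USB stick, which the script does not do. Read the key from `USB_KEY` as the commented-out variant sketches, for example mount it read-only and run `${pkgs.bcachefs-tools}/bin/bcachefs unlock "${PRIMARY}" < /key/bcachefs.key`, and order the unit after the USB key's device unit as well as `primaryDeviceUnit`. Removing `serviceConfig` also dropped `Type = "oneshot"`; unless it is set elsewhere, the default service type does not make systemd wait for the script to exit, so `before = [ "sysroot.mount" ]` no longer guarantees the unlock has finished, and `serviceConfig.Type = "oneshot";` should stay. The unit definition starts outside this hunk.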
@@ -0,0 +1,96 @@
+# Install nix minimal with bcachefs filesystem
+
+- optional encryption
+- optional auto unlock with USB key
+- custom iso installer
+ - `nix build .\#packages.x86_64-linux.iso-minimal-stable`
+
+## Format main drive with boot partition
+
+### Partition with GPT
+
+```sh
+DEVICE=sda
+parted /dev/$DEVICE -- mklabel gpt
+parted /dev/$DEVICE -- mkpart ESP fat32 1MB 2GB
+parted /dev/$DEVICE -- set 1 esp on
+# TODO make swap partition instead here? Bcachefs not working with swapfile
+parted /dev/$DEVICE -- mkpart PRIMARY 2GB 100%
+```
+
+### Format partitions
+
+- boot
+
+```sh
+BOOT=sda1
+mkfs.fat -F 32 -n BOOT /dev/$BOOT
+```
+
+- primary
+
+```sh
+PRIMARY=sda2
+keyctl link @u @s
+bcachefs format --label=nixos --encrypted /dev/$PRIMARY
+bcachefs unlock /dev/$PRIMARY
+```
+
+### Setup subvolumes
+
+```sh
+# keyctl link @u @s
+# TODO check this is it 7 or 8 for print?
+U=$(lsblk -o fsType,uuid | grep bcachefs | awk '{print $2}')
+echo $U
+mount /dev/disk/by-uuid/$U /mnt
+
+bcachefs subvolume create /mnt/@root
+bcachefs subvolume create /mnt/@nix
+bcachefs set-file-option /mnt/@nix --compression=zstd
+bcachefs subvolume create /mnt/@snapshots
+bcachefs set-file-option /mnt/@snapshots --compression=zstd
+bcachefs subvolume create /mnt/@swap
+bcachefs set-file-option /mnt/@swap --nocow
+bcachefs subvolume create /mnt/@persist
+
+umount /mnt
+```
+
+> Tip `getfattr -d -m '^bcachefs\.' filename`
+
+> Note: Format any additional drives if you need to
+
+### Mount subvolumes
+
+```sh
+DEV_B="/dev/disk/by-uuid/"$(lsblk -o NAME,UUID | grep $BOOT | awk '{print $2}')
+DEV_P="/dev/disk/by-uuid/"$(lsblk -o NAME,UUID | grep $PRIMARY | awk '{print $2}')
+mount -t bcachefs -o X-mount.subdir=@root $DEV_P /mnt
+mount -t vfat $DEV_B /mnt/boot --mkdir
+mount -t bcachefs -o X-mount.mkdir,X-mount.subdir=@nix,relatime $DEV_P /mnt/nix
+mount -t bcachefs -o X-mount.mkdir,X-mount.subdir=@snapshots,relatime $DEV_P /mnt/.snapshots
+mount -t bcachefs -o X-mount.mkdir,X-mount.subdir=@swap,noatime $DEV_P /mnt/.swap
+mount -t bcachefs -o X-mount.mkdir,X-mount.subdir=@persist $DEV_P /mnt/persist
+```
+
+### Generate hardware config
+
+```sh
+nixos-generate-config --root /mnt
+```
+
+- Copy useful bits out into real config in repo
+- Run nixos-install
+
+```sh
+nixos-install --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001"
+# nh os switch "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001"
+```
+
+or from host machine? TODO haven't tried this fully
+
+```sh
+NIX_SSHOPTS="-i /run/agenix/nix2nix" sudo nixos-rebuild switch --flake "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=hosts/i001#i001" --target-host luser@10.12.14.157 --build-host localhost
+
+```